| 47221 |
2020-07-27 14:57
|
astx_setup.exe e766db22a97ac40e4e8c926f272250ab
Malware AutoRuns MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Auto service AppData folder malicious URLs sandbox evasion WriteConsoleW Firewall state off anti-virtualization Ransomware Windows ComputerName |
|
|
|
|
10.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47222 |
2020-07-27 14:55
|
OnlineVerifierSetup_2.0.0.3.ex... e439a11c93d96e76ee12750e408e2430
VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName keylogger |
|
|
|
|
6.6 |
|
19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47223 |
2020-07-27 14:50
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(216.58.220.138)
216.58.200.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47224 |
2020-07-27 14:48
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(216.58.220.138)
216.58.200.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47225 |
2020-07-27 14:44
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.175.234)
172.217.163.234
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47226 |
2020-07-27 14:27
|
ransom.js 6d6a0d13f1f121e62535b378f3f17a0f
Dridex Malware wscript.exe payload download malicious URLs Tofsee DNS |
2
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
1
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47227 |
2020-07-27 14:23
|
node-v12.18.0-x64.msi e3f6617be3157b28ffee007e5d2790d2
Buffer PE suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Ransomware Browser ComputerName crashed |
|
|
|
|
6.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47228 |
2020-07-27 14:20
|
GitHubDesktop.exe a4c31cb51f5dee95156e1925d87fb4ec
PDB crashed |
|
|
|
|
0.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47229 |
2020-07-27 14:19
|
Update.exe bbd904ed987663236c996b9550903d04
Check memory Checks debugger unpack itself malicious URLs WriteConsoleW Windows Cryptographic key |
|
|
|
|
2.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47230 |
2020-07-27 14:18
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.27.74)
216.58.220.202
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47231 |
2020-07-27 14:17
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.27.74)
172.217.24.42
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47232 |
2020-07-27 14:14
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.42)
172.217.161.170
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47233 |
2020-07-27 14:13
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.42)
216.58.199.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47234 |
2020-07-27 14:10
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.42)
216.58.200.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47235 |
2020-07-27 14:01
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.26.42)
172.217.161.170
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|